JP2006332905A - Communication terminal device, transmission method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a communication terminal device for avoiding unnecessary identification process with respect to a communication terminal device using SIP. <P>SOLUTION: The communication terminal device includes a communication unit 7 for performing call connection with SIP and communicating with a partner terminal, and an identification unit 8 for performing identification process of the partner terminal. A memory unit 6 is provided for registering one or more user name or domain name of the partner terminal for making the identification process unnecessary. At the time of call termination, the user namer or the domain name of the partner terminal is detected, and it is determined whether the detected user name or domain name of the partner terminal is registered in the memory unit 6 or not. If it is registered, the identification process by the identification unit 8 is not performed. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a communication terminal device such as an IP-FAX or an IP telephone that performs communication using a SIP (Session Initiation protocol), a communication method, and a program thereof, and particularly relates to an authentication technique.

  In a communication terminal device using SIP, a partner terminal is authenticated when an incoming call is received. There are various environments surrounding users and their communication terminal devices such as IP-FAX, IP telephone, etc., and it is assumed that the partner terminal that performs SIP does not have an authentication function, or is clearly a partner terminal that does not require authentication. The

A technique related to an IP telephone using SIP is disclosed (Patent Document 1). Further, when a terminal accesses a plurality of servers, a technique that does not require two or more authentication processes is disclosed (Patent Document 2), and a LAN system that can enjoy a communication service without using a specific domain is disclosed. (Patent Document 3) and a technique for preventing spoofed access to a specific server are disclosed (Patent Document 4).
JP 2004-228829 A JP 2002-324049 A JP 2002-198971 A JP 2003-186840 A

If the other terminal does not have an authentication function, the corner authentication function with enhanced security will be a negative effect on SIP call connection, and the other terminal that does not need to be authenticated (a partner terminal that can be trusted if it is clearly credible) In this case, there is a problem that useless authentication processing is performed.
An object of the present invention is to enable a call connection by omitting an authentication process that occurs when a SIP request is received when a partner terminal requesting a SIP connection does not require authentication.

  A communication terminal apparatus according to the invention of claim 1 is a communication terminal apparatus comprising communication means for performing call connection using SIP and communicating with a partner terminal, and authentication means for performing authentication processing of the partner terminal. Storing means for registering the user name of the partner terminal that does not need to be detected, means for detecting the user name of the partner terminal at the time of an incoming call, and determining whether the detected user name is registered in the storage means And a control means for controlling the authentication processing not to be performed by the authentication means when registered.

  According to a second aspect of the present invention, there is provided a communication terminal device according to the first aspect, wherein the storage means can register a plurality of user names that are judged to require no authentication processing.

  According to a third aspect of the present invention, there is provided a communication terminal apparatus comprising: a communication unit that performs call connection using SIP and communicates with a partner terminal; and an authentication unit that performs authentication processing of the partner terminal. Storage means for registering in advance the domain name of the partner terminal that does not need to be stored, means for detecting the domain name of the partner terminal at the time of an incoming call, and whether or not the detected domain name is registered in the storage means It is characterized by comprising means for judging and control means for controlling not to perform authentication processing by the authentication means when registered.

  According to a fourth aspect of the present invention, there is provided a communication terminal device according to the third aspect, wherein the storage means can register a plurality of domain names that are judged to require no authentication process.

  A communication method for a communication terminal apparatus according to a fifth aspect of the present invention is a communication method for a communication terminal apparatus, comprising: a step of performing call connection using SIP and communicating with a counterpart terminal; If the user name of the partner terminal that does not need to be registered in advance is detected, the user name of the partner terminal is detected when an incoming call is received, and it is determined whether or not the detected user name is registered. The authentication process is not performed.

  According to a sixth aspect of the present invention, there is provided a communication method for a communication terminal device according to the fifth aspect, wherein a plurality of user names that are judged to be unnecessary for the authentication process can be registered.

  A communication method of a communication terminal device according to a seventh aspect of the invention is a communication method of a communication terminal device in which a call connection is made using SIP to communicate with a partner terminal, and the authentication process of the partner terminal is performed. Register the domain name of the other terminal that you do not need in advance, detect the domain name of the other terminal at the time of an incoming call, determine whether the detected domain name is registered, and authenticate if registered This is characterized in that the processing is not performed.

  According to an eighth aspect of the present invention, there is provided a communication method for a communication terminal apparatus according to the seventh aspect, wherein a plurality of domain names that are judged to be unnecessary for the authentication processing can be registered.

  A program according to an invention of claim 9 is a program used in a communication terminal device configured to perform call connection with SIP to communicate with a partner terminal and to perform authentication processing of the partner terminal, and does not require the authentication processing. A registration process for registering the user name of the partner terminal to be registered, a detection process for detecting the user name of the partner terminal at the time of an incoming call, a determination process for determining whether or not the detected user name is registered, and a registration process If so, the computer is caused to execute a control process for controlling the authentication process not to be performed.

  A program according to the invention of claim 10 is a program used in a communication terminal device configured to perform call connection with SIP to communicate with a partner terminal and to perform authentication processing of the partner terminal, and does not require the authentication processing. A registration process for registering the domain name of the partner terminal to be registered, a detection process for detecting the domain name of the partner terminal at the time of an incoming call, a determination process for determining whether or not the detected domain name is registered, and a registration process If so, the computer is caused to execute a control process for controlling the authentication process not to be performed.

  According to the first, third, fifth, seventh, ninth and tenth aspects of the present invention, when the partner terminal requesting the SIP connection does not have an authentication function or can be trusted to be clearly credible, By registering the counterpart terminal in advance as authentication unnecessary, call connection can be performed even if the authentication processing is omitted.

  According to the second, fourth, sixth, and eighth inventions, there may be a plurality of specific counterpart terminals that do not require authentication, depending on the user's environment.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
FIG. 1 shows the configuration of a network surrounding a communication terminal apparatus according to an embodiment of the present invention. In FIG. 1, endpoints 1, 2, 3, and 4 are communication terminal apparatuses having a call connection function based on SIP. The present invention is applied to the endpoint 1. 5 indicates the Internet network. The end points 1, 2, 3, and 4 are communication terminal devices connected to the same Internet network 5.

  The end point 1 includes a storage unit 6. The storage unit 6 is a storage device in which information on target terminals exempted from the authentication process when a SIP request (mainly an INVITE message) is received is registered in advance. In the inventions of claims 1 and 2, “user name” is stored (registered), and in the inventions of claims 3 and 4, “domain name” is stored (registered). Further, it is a non-volatile storage device that does not erase data even when the main power supply is turned OFF / ON.

FIG. 2 is a block diagram showing a configuration of the endpoint 1 according to the embodiment of the present invention.
In FIG. 2, 6 is the storage unit, 7 is a communication unit that performs call connection with SIP and communicates with the partner terminal, 8 is an authentication unit that performs authentication processing of the partner terminal, and 9 is the user name or domain of the partner terminal at the time of the call. The name is detected, and it is determined whether or not the detected user name or domain name is registered in the storage unit 6. If the name is registered, control is performed so that the authentication process by the authentication unit 8 is not performed. Reference numeral 9 denotes a CPU that controls the entire system, 10 denotes a ROM that stores programs, 11 denotes a working RAM, and 12 denotes an information processing unit that processes information such as sound and images.

  Next, the operation of the above configuration will be described along the flowchart of FIG. The flowchart of FIG. 3 shows the operation of the transport type TCP, and the authentication method takes digest authentication as an example.

[Preparation]
The administrator of the end point 1 (application target terminal of the present invention) registers the following data in the storage unit 6 in advance.
The user name of the target terminal exempted from the authentication process (subject to claims 1 and 2). In claim 2, a plurality of numbers can be registered.
The domain name of the target terminal exempted from the authentication process (subject to claims 3 and 4). In claim 4, a plurality of numbers can be registered.

  When the endpoint 1 which is a communication terminal device according to the present invention receives an INVITE message by an incoming call (step S101 / Yes), the endpoint 1 acquires information indicating the counterpart terminal (UAC) from the from header of the INVITE message. In the first and second aspects of the invention, the user name of the counterpart terminal (UAC) is acquired from the SIP URI of the from header. It is checked whether or not the acquired user name of the partner terminal matches any one of the “user names exempting the authentication process” group registered in the storage unit 6. In claim 1, one user name that can be registered in the storage unit 6 is registered. In claim 2, a plurality of user names are registered. In the embodiment of FIG. 1, since the user names “UserB”, “UserD”, and “UserE” are registered in the storage unit 6, if the partner terminal is the endpoint 3, the authentication process is exempted (step S102). .

  In the third and fourth aspects of the invention, the domain name of the counterpart terminal (UAC) is acquired from the SIP URI of the from header. It is checked whether or not the acquired domain name of the partner terminal matches any of the “domain names exempting the authentication process” group registered in the storage unit 6. In claim 3, one domain name can be registered in the storage unit 6, and in claim 4, a plurality of domain names are registered. In the example of FIG. 1, since the domain names “East.com” and “North.com” are registered in the storage unit 6, if the partner terminal is the endpoint 4, the authentication process is exempted (step S102). .

  There is no matching user name (in the case of claims 1 and 2) and domain name (in the case of claims 3 and 4) in step S102 (step S103 / No), and the INVITE message includes an Authorization header. If the authentication information is incorrect even if the Authorization header is included (Step S104 / No), an authentication request is sent to the partner terminal by the SIP response 401 Unauthorized (Step S109). The 401 Unauthorized WWW-Authenticate header contains a challenge value, and the partner terminal (UAC) can authenticate by resending the INVITE message with this challenge value and authentication information.

  When the ACK message is received (step S110 / Yes), it waits to receive the INVITE message within the same dialog (step S101). If the response 401 Unauthorized is sent (step S109) and the ACK message is still not received after 32 seconds (step S111 / Yes), the BYE message is sent (step S112) and the dialog is closed. And end the session (END).

  On the other hand, if the matching user name (in the case of claims 1 and 2) and domain name (in the case of claims 3 and 4) exist in the storage unit 6 in the process of step S102 (step S103 / Yes), or step When the INVITE message received in the process of S104 has an Authorization header having a valid challenge value and correct authentication information (step S104 / Yes), the body data of the INVITE message is analyzed and a response 200_OK is returned (step S105). ). When the ACK message is received (step S106 / Yes), the media session is started (END). On the other hand, if the ACK message is still not received even after 32 seconds have passed since the response 200_OK was sent (Step S107 / Yes), the BYE message is sent (Step S108), the dialog is closed, and the session is closed. End (END).

  According to the present embodiment described above, it is possible to generate an authentication request at the time of an incoming call and to have a function capable of selecting unnecessary, so that a specific partner terminal that does not have an authentication function or a partner whose authentication is not clearly required It is possible to omit the authentication process for a specific partner terminal such as a terminal (a partner terminal that can be trusted if it is clearly credible). Call connection is enabled for the former terminal by omitting the authentication process that prevented SIP call connection. In addition, by making it possible to register a plurality of user names and domain names that are judged to require no authentication, it is possible to construct a use environment such as IP-FAX that matches the environment surrounding the user and the IP-FAX.

  The program in the ROM 10 for the CPU 9 to execute the processing shown in the flowchart of FIG. 3 constitutes a program according to the present invention. As a recording medium for recording the program, a semiconductor storage device, an optical and / or magnetic storage device, or the like can be used. By using such a program and recording medium in a system or the like having a configuration different from that of the above-described embodiment and causing the CPU to execute the program, substantially the same effects as those of the present invention can be obtained.

It is a block diagram of the network using the communication terminal device which concerns on one Embodiment of this invention. It is a block diagram which shows the structure of the communication terminal device which concerns on one Embodiment of this invention. It is a flowchart which shows the operation | movement which concerns on one Embodiment of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 End point as communication terminal device according to the present invention 2, 3, 4 End point 5 Internet 6 Storage unit 7 Communication unit 8 Authentication unit 9 CPU
10 ROM
11 RAM
12 Information processing department

Claims (10)

A communication terminal device comprising communication means for performing call connection with SIP and communicating with a counterpart terminal, and authentication means for performing authentication processing of the counterpart terminal,
Storage means for registering a user name of a counterpart terminal that does not require the authentication process;
Means for detecting the user name of the partner terminal at the time of the incoming call, means for determining whether or not the detected user name is registered in the storage means, and if it is registered, authentication processing by the authentication means is performed And a control means for controlling the communication terminal device so as not to exist.   2. The communication terminal apparatus according to claim 1, wherein the storage means can register a plurality of user names that are judged to require no authentication process. A communication terminal device comprising communication means for performing call connection with SIP and communicating with a counterpart terminal, and authentication means for performing authentication processing of the counterpart terminal,
Storage means for pre-registering the domain name of the counterpart terminal that does not require the authentication process;
A means for detecting the domain name of the partner terminal at the time of an incoming call, a means for determining whether or not the detected domain name is registered in the storage means, and an authentication process by the authentication means if it is registered And a control means for controlling the communication terminal device so as not to exist.   4. The communication terminal apparatus according to claim 3, wherein the storage means can register a plurality of domain names that are judged to require no authentication process. A communication method of a communication terminal device comprising a call connection with SIP and communicating with a counterpart terminal, and an authentication processing step of the counterpart terminal,
Pre-registering the user name of the counterpart terminal that does not require the authentication process, detecting the user name of the counterpart terminal at the time of an incoming call, and determining whether the detected user name is registered The communication method of the communication terminal device, wherein the authentication processing step is not performed when registered.   The communication method of the communication terminal device according to claim 5, wherein a plurality of user names that are judged to be unnecessary for the authentication process can be registered. A communication method of a communication terminal device comprising a call connection with SIP and communicating with a counterpart terminal, and an authentication processing step of the counterpart terminal,
Pre-registering the domain name of the counterpart terminal that does not require the authentication process, detecting the domain name of the counterpart terminal at the time of an incoming call, and determining whether the detected domain name is registered The communication method of the communication terminal device, wherein the authentication processing step is not performed when registered.   8. The communication method for a communication terminal device according to claim 7, wherein a plurality of domain names for which the authentication process is determined to be unnecessary can be registered. A program used in a communication terminal device configured to perform call connection with SIP to communicate with a partner terminal and to perform authentication processing of the partner terminal,
A registration process for registering the user name of the counterpart terminal that does not require the authentication process;
A detection process for detecting the user name of the partner terminal at the time of an incoming call;
A determination process for determining whether or not the detected user name is registered;
A program for causing a computer to execute a control process for controlling not to perform the authentication process if registered. A program used in a communication terminal device configured to perform call connection with SIP to communicate with a partner terminal and to perform authentication processing of the partner terminal,
A registration process for registering the domain name of the partner terminal that does not require the authentication process;
A detection process for detecting the domain name of the partner terminal when an incoming call is received;
A determination process for determining whether or not the detected domain name is registered;
A program for causing a computer to execute a control process for controlling not to perform the authentication process if registered.

Images